Attackers continue to target US power grid

At WIRED, we have written plenty about the threats that cyberattacks pose to power grids around the world. But lately, the most significant attacks on electrical systems have shown that hacking is hardly necessary when physical destruction and sabotage are an option: just as the Russian invasion force in Ukraine has systematically destroyed electrical infrastructure to cause widespread blackouts across that country, a mysterious and ongoing series of physical attacks has hit electric utilities in the American Southeast and, in one case, caused an extended outage for tens of thousands of people.

We will come to that. In the meantime, however, the cyber news we usually cover didn't stop this week: Apple added end-to-end encryption for its iCloud backups while officially canceling its plan to scan iCloud for child sexual abuse material, reopening a long-running rift with the FBI. Payroll and HR service provider Sequoia admitted to a data breach that included users' Social Security numbers. A study of cybercrime forums revealed a tendency for scammers to scam other scammers. And we looked at how the Twitter Files are fueling conspiracy theorists, how technology is helping UK authorities create a "hostile environment" for immigrants, and the security and privacy concerns surrounding the Lensa AI portrait app.

But there is more. Each week, we highlight security news that we haven’t covered in depth ourselves. Click on the titles below to read the full stories.

When shootings at two electrical substations in North Carolina left 40,000 customers without power for days, the incident appeared to be an isolated, albeit bizarre and troubling, one. But this week, the same utility, Duke Energy, reported gunshots at another facility, a hydroelectric plant in South Carolina. Combined with two other incidents of physical sabotage of US electrical installations in Oregon and Washington in October and November, the vulnerability of the US grid to old-fashioned physical damage is beginning to look like a serious threat.

No damage appears to have occurred in the South Carolina case, and in previous incidents in Washington, the utilities involved have called the cases “vandalism.” But intruders in Oregon carried out a more deliberate attack, breaching a perimeter fence and damaging equipment, according to the Oregon utility, causing a “brief” power outage in one instance. And in another set of separate incidents, Duke Energy saw half a dozen “intrusions” into substations in Florida, according to documents seen by Newsnation. Federal law enforcement is investigating the cases.

The incidents are reminiscent of another bizarre and isolated attack on the California power grid in 2015, when a sniper fired at an electrical substation and triggered a blackout in parts of Silicon Valley with $15 million in damage. These new cases, while still relatively small, show how vulnerable the US power grid remains to relatively simple forms of sabotage.

The state-sponsored Chinese hacker group APT41 has long practiced a rare blend of cyber espionage and cybercrime. The group, linked in a 2020 US indictment to a company called Chengdu 404 working as a contractor for China's Ministry of State Security, has been charged with moonlighting as thieves for profit and even deploying ransomware. Now NBC News reports that the Secret Service believes APT41 went so far as to steal $20 million in US Covid relief funds: state-sponsored hackers stealing money from the US government itself. About half of the stolen funds have reportedly been recovered. But a group of hackers on the Chinese government's payroll stealing from US federal coffers represents a far more brazen red-line crossing than even APT41's previous exploits.

The Met Opera announced earlier this week that it was the victim of an ongoing cyberattack that took down its website and online ticketing system. Given that the Met Opera sells $200,000 worth of tickets a day, losses from the disruption could seriously harm one of New York's premier cultural institutions. As of Friday afternoon, the website was still offline and its administrators had moved ticket sales to a new site. The New York Times, in its report on the attack, pointed out that the Met Opera had criticized Russia's war in Ukraine, going as far as parting ways with its Russian soprano, but there is still no real explanation for the attack.

Cybersecurity firm ESET this week blamed a campaign of data-destroying malware attacks targeting the diamond industry on a group of hackers it calls Agrius, which has previously been linked to the Iranian government. The attackers hijacked software updates for an Israeli-made diamond industry software suite to deploy the wiper malware, which ESET calls Fantasy, in March this year. As a result, it hit targets not just in Israel but others as far afield as a mining operation in South Africa and a jeweler in Hong Kong. Although Iranian cyberattacks against Israeli targets are certainly nothing new, ESET's researchers do not speculate in their write-up on the motivation for the attack.
